Customer Headaches Could Curtail Apple’s Encryption Push

Apple’s Tim Cook says he doesn’t want his company to be able to read customer data—but he probably can’t make that happen.

At an event held during Apple’s fight with the FBI over whether it should help unlock a dead terrorist’s iPhone, CEO Tim Cook promised “We will not shrink” from the responsibility of protecting customer data—including from government overreach.

Yet the obvious next step for the company could be hard to take without inconveniencing customers.

Apple is currently able to read the contents of data stored in its iCloud backup service, something at odds with Cook’s claims that he doesn’t want his company to be capable of accessing customer data such as mobile messages.

Apple has not denied reports it is working to change that. And the company is expected to make some mention of its security technology at its World Wide Developers Conference next week, as it did at its iPhone event in March.

But redesigning iCloud so that only customers can unlock their data would increase the risk of people irrevocably losing access to precious photos and messages when they lose their passwords. Apple would not be able to reset a customer’s password for them.

“That’s a really tough call for a company that says its products ‘Just work,’” says Chris Soghoian, a principal technologist with the American Civil Liberties Union—referring to a favorite line of Apple’s founder, Steve Jobs.

Cook has boasted of how the encryption built into Apple’s iPhones and iMessage system keeps people safe by ensuring that only they can access their data. FBI director James Comey has complained about it.

But the design of iCloud means that Apple can read much of its customers’ data, and help the government do so, too. The service is enabled by default (although you can opt out), and automatically backs up messages, photos, and more to the company’s servers. There the data is protected by encryption, which Apple has the key to unlock. The company’s standoff with the FBI happened only because the backups Apple handed the agency from San Bernardino shooter Syed Farook’s iPhone ended six weeks before the shooting, because he had turned them off.

Apple could lock itself and law enforcement out of iCloud data by encrypting each person’s iCloud backups using a password under his control, perhaps the same one that locks his iPhone.

The company has not denied reports from the Financial Times and Wall Street Journal that it is working on such a design. Passwords and credit card details stored using an iCloud feature called Keychain are already protected in this way. But taking this approach would prevent Apple from being able to reset a person’s password if he forgets it. The data would be effectively gone forever.

“It puts control on the customer but also responsibility on the customer,” he says. “This will likely be an option, not the default.”

Soghoian of the ACLU agrees. “I think they will probably offer it as an option, but be reluctant to advertise that feature much,” he says. “More people forget their passwords than get investigated by the FBI.”

Bryan Ford, an associate professor at the Swiss Federal Institute of Technology in Lausanne, says Apple could take steps to reduce the risk of accidental data loss.

The company’s FileVault disk encryption feature for PCs offers the option to print out a recovery key. A similar process could be used for iCloud encryption, says Ford.

Apple could also implement other safeguards, he says. For example, people could have the option of distributing extra encryption keys or passwords to several “trustees,” who could help recover data if the original password was lost. To prevent abuse it could be required that a certain number of trustees, say, three of five, came forward to unlock the data.

The cryptography needed for such a design is well understood, says Ford. He recently designed a similar but more complex system intended to help companies such as Apple prevent their software updates from being abused (see “How Apple Could Fed-Proof Its Software Update System”).

Alan Fairless, cofounder and CEO of SpiderOak, which offers companies fully encrypted data storage, says he thinks companies like Apple will eventually make truly secure cloud storage accessible to consumers.

Encrypted messaging was clunky and hard to use until recently, but is now widespread thanks to Apple and WhatsApp, he points out. Encrypting stored data is more challenging, but Apple has shown itself willing to spend significantly on encryption technology, for example by adding new chips to the iPhone, says Fairless.

However, he also thinks Apple and its customers aren’t yet ready for encrypted iCloud backups to be the default. “It’ll take consumer technology a while to catch up,” says Fairless.

I’m MIT Technology Review’s San Francisco bureau chief and enjoy a diverse diet of algorithms, Internet, and human-computer interaction with chips on the side. I lead our coverage of new ideas from Silicon Valley, whether they spring from tech giants, new startups, or academic labs.

My journey to the West Coast started in a small English market town and took in the University of Cambridge, Imperial College London, and five years writing and editing technology news coverage at New Scientist magazine.
